Speaker: Asra Ali

She / her / hers

Software Engineer @Google

Asra is Software Engineer at Google working on Privacy, Safety, and Security. Her primary focus is on developing a transpiler for Fully Homomorphic Encryption and on the side contributes to the Google Open Source Security Team (GOSST) where she works on projects to improve software supply chain integrity. She’s a maintainer of Sigstore projects and open-source Supply-chain Levels for Software Artifacts (SLSA) tooling repositories. Previously, she worked on Envoy, fuzzing, and privacy-preserving technologies. She's passionate about making the internet a more private and secure space.

Find Asra Ali at:


Achieving SLSA Certification with a “Bring-Your-Own-Builder” Framework

Supply-chain Levels for Software Artifacts, or SLSA (pronounced “salsa”), is a security framework to reason about and improve the integrity of released artifacts. With the recent release of SLSA version 1.0, SLSA is seeing increased adoption, both from industry and open source projects.

Read more


Tuesday Jun 13 / 04:10PM EDT ( 50 minutes )


Dumbo / Navy Yard


Software Supply Chain Security Security Open Source